Slashdot Mirror


Windows 8 Defeats 85% of Malware Detected In the Past 6 Months

An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."

69 of 299 comments

  1. So, ... some built in security? by TaoPhoenix · · Score: 3, Interesting

    Did any of the malware get past whatever new copy of Windows Security Essentials they cooked up especially for Win 8?

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    1. Re:So, ... some built in security? by Anonymous Coward · · Score: 4, Funny

      I understand not reading TFA, but did you even read the title?

    2. Re:So, ... some built in security? by Baloroth · · Score: 3, Informative

      That is exactly what the story is about, they rolled that right into the OS this time (technically, into Windows Defender, which is enabled by default).

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:So, ... some built in security? by Anonymous Coward · · Score: 3, Informative

      It's not due to "WSE". Windows 8 is highly incompatible with previous versions (google for all the stuff that won't run under W8 anymore).
      In most cases the fixes required are very simple and I'm sure malware developers will be catching up fast.

    4. Re:So, ... some built in security? by aztracker1 · · Score: 4, Informative

      Any software relying on kernel level integration that changed won't work.. IIRC this includes some of the network stack this time around, as well as some of the filesystem interfaces. There's very little that won't work... the less advanced the software the more likely it works from all the way back in early win32 days (3.x) ... that said, a lot of that old software needs to install in an unprotected directory to work, not program files.

      --
      Michael J. Ryan - tracker1.info
    5. Re:So, ... some built in security? by AmiMoJo · · Score: 4, Interesting

      They neglected to mention how many of the 15% that got through required user stupidity to infect the system. It will be interesting to see how long it takes for the first Metro based malware to appear, and how long before some of it sneaks onto Microsoft's marketplace.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:So, ... some built in security? by Fishchip · · Score: 2

      Shit, I must be a shill too, all my games and software work without a hitch. But, hey, whatever makes you feel better.

    7. Re:So, ... some built in security? by fatphil · · Score: 3, Funny

      They also neglected to report what percentage of MS Windows users have the required levels of stupidity.

      --
      Also FatPhil on SoylentNews, id 863
    8. Re:So, ... some built in security? by NIK282000 · · Score: 3, Funny

      You'd be stupid not to use windows! Do you know how many offers I get for free vacations and cheap medication? I never see those popping up on linux.

      --
      Dear aunt, let's set so double the killer delete select all
    9. Re:So, ... some built in security? by joocemann · · Score: 2

      Let me rephrase the abstract in a more clear and honest way.

      "15% of Windows 8 Malware has not been blocked."

      The abstract is too positive about the 85%. A condom that works 85% against STDs, in an orgy full of STDs (internet), is not effectively protecting you.

  2. How do these numbers compare ... by baresi · · Score: 2, Interesting

    ... to those other similarly received OSs, Windows ME and Vista?

    --
    RGdot.com
    1. Re:How do these numbers compare ... by Anonymous Coward · · Score: 2, Informative

      There are lots of alternatives.

      Start Menus:
      Classic Shell
      Pokki
      Power8
      RetroUI
      Start8
      StartMenu8
      Start Menu X
      ViStart
      Win8StartButton

      Launchers:
      7stacks
      8start Launcher
      Appetizer
      Blaze
      Executor
      Fences
      Find and Run Robot
      Key Launch
      Launchy
      ObjectDock
      Rainmeter
      RK Launcher
      RocketDock
      SliderDock
      ViPad
      Winstep Nexus
      XWindows Dock

      Take your pick. This is just a small list. I know there are many more out there.

      This is extra text because Slashdot is lame and says my comment has too few characters per line:

      A computer program (also software, or just a program) is a sequence of instructions written to perform a specified task with a computer.[1] A computer requires programs to function, typically executing the program's instructions in a central processor.[2] The program has an executable form that the computer can use directly to execute the instructions. The same program in its human-readable source code form, from which executable programs are derived (e.g., compiled), enables a programmer to study and develop its algorithms.

      Computer source code is often written by computer programmers. Source code is written in a programming language that usually follows one of two main paradigms: imperative or declarative programming. Source code may be converted into an executable file (sometimes called an executable program or a binary) by a compiler and later executed by a central processing unit. Alternatively, computer programs may be executed with the aid of an interpreter, or may be embedded directly into hardware.

      Computer programs may be categorized along functional lines: system software and application software. Two or more computer programs may run simultaneously on one computer, a process known as multitasking.

  3. I'd take this with a grain of salt by Sycraft-fu · · Score: 5, Informative

    The reason being it is an AV maker releasing it. They have reason to want to say "Oh the built in AV scanner sucks, you should buy ours!" They may be stacking the results.

    AV Comparatives puts MS Security Essentials at about 95% in their latest test, not 85%. Bitdefender is 99.2%.

    However one reason for that is false positive rate. MS is willing to trade off some detection to keep it low, because users get pissed off and want to get rid of scanners with lots of false positives. MSE had 0 false positives, BitDefender had 10.

    None of this is to say getting a better virus scanner isn't a good idea, just take anything from a company selling a product in an area with a grain of salt. AV Comparatives seems to indicate that while MSE is certainly not one of the best virus scanners, it isn't bad.

    1. Re:I'd take this with a grain of salt by Baloroth · · Score: 2

      It depends on your sample size and method. BitDefender took the top 385 malware recent, and came up with the 15% figure. I'm betting AV Comparatives took a much different, likely broader, sample. Makes sense that as you take a larger sample of less "popular" (which is more or less by necessity less infectious) and/or older (which is more likely to spread using now-fixed vectors) malware, the success rate will grow higher. I'd say the BitDefender method is more useful, as it selects the malware that you are most likely to be exposed to and most likely to be infected by. It really only takes one bit of malware to sneak by to cause havoc. Both are obviously useful for their own measurements (one is, well, a comparative, the other is "how well does it end up working"), but you can't compare one set of results to the other.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  4. Re:No platform is 100 percent secure? by TWX · · Score: 4, Informative

    Linux is not 100% secure. Linux is very secure, and is certainly more secure than Microsoft's OSes, but vulnerabilities are discovered all of the time. The biggest distinction is that since Linux is openly developed with the potential for anyone to contribute and for everyone to see, there aren't large, untested milestone releases without public eyes on them like commercial OSes. By the time that the experimental version becomes the release version it's already been vetted. Microsoft doesn't have the same quantity of testing because while there is a beta program, it's not designed to be thoroughly examined.

    --
    Do not look into laser with remaining eye.
  5. Security Essentials = Windows 8 Defender by deweyhewson · · Score: 4, Interesting

    Since Windows 8 repurposed Microsoft Security Essentials as its new Windows Defender, which is built-in to the operating system, would these statistics hold true for Security Essentials on all systems, or are they unique to Windows 8?

    Or is BitDefender just trying to stir up some business?

  6. Re:No platform is 100 percent secure? by Anonymous Coward · · Score: 5, Insightful

    More like Linux still doesn't have the market share to warrant spending significant time developing malware for it.

  7. Banana Defeats 100% of Current Malware by Eightbitgnosis · · Score: 4, Funny

    Why, not a single malware application can be installed on a banana! They too are immune.

    Therefore bananas are now the most secure OS

    1. Re:Banana Defeats 100% of Current Malware by Sabalon · · Score: 4, Funny
    2. Re:Banana Defeats 100% of Current Malware by TubeSteak · · Score: 2

      I would have gone with Panama Disease
      In the '50s, it wiped out the global monoculture that was banana farming.

      The banana industry switched to a new monoculture, which they thought was immune to Panama Disease.
      But the new banana is only immune to a specific strain, which is why Panama Disease is once again slowly spreading across the globe.

      --
      [Fuck Beta]
      o0t!
  8. So what? by Opportunist · · Score: 4, Insightful

    Reacting is always easy, that's why malware is so efficient. There are AV kits out there that detect 98+ percent of the current malware. Problem is not the malware we know about already, the problem is new malware that infects before patches can be applied and AV signatures can be updated.

    OF COURSE a new system is more resilient against current malware. By the very nature that a lot of exploits simply don't work anymore because, well, different codebase, different handling of various things malware relies on. By that logic, MacOS is even superior to Win8 because zero malware for Win7 can infect MacOS.

    The more interesting question is why 15% (one in seven) malware threats still work on Win8.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:No platform is 100 percent secure? by Opportunist · · Score: 4, Informative

    Actually, when it comes to out-of-the-box security as well as the possibilities offered to knowledgeable admins, Linux isn't really far away from Windows. Both have, from the point of view of a security expert, horrible out-of-the-box security and can be sealed tightly by the hands of good admins.

    The main reason why there is less malware for Linux is simply that malware is a business: It's the same reason why there is also less other commercial software for Linux.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:In other news by farble1670 · · Score: 4, Insightful

    Run those same tests/malware against Linux/Mac. 0% gets through.

    really? do you think that malware written to take advantage of exploits in the windows OS won't work on linux? thanks for that revelation. linux wins again.

  11. Re:In other news by Belial6 · · Score: 2

    The malware will work if you run Wine.

  12. Compared to Windows 7? by edibobb · · Score: 4, Insightful

    How does an updated version of Windows 7 with Microsoft Security Essentials compare? That information might make this article meaningful.

  13. Re:No platform is 100 percent secure? by 0111+1110 · · Score: 4, Insightful

    More like Linux still doesn't have the market share to warrant spending significant time developing malware for it.

    Neither does Windows 8.

    --
    Quite an experience to live in fear, isn't it? That's what it is to be a slave.
  14. Opposite spins?? by AC-x · · Score: 2

    That's interesting, the original security press release is quite negative - "Newly launched Window 8 is prone to infection by some 15 per cent of the 100 malware families most used by cyber criminals this year, even with Windows Defender activated, Bitdefender testing revealed." but somehow that's become a positive "Windows 8 protected from 85% of malware detected in the past six months, right out the box"

    The original point is that Windows Defender can't detect 15% of this year's most popular malware, that's not exactly great for an AV program, or maybe Bitdefender has just written a shill piece with a hand picked sample of unusual malware that trip most AV programs up to flog their own AV solutions?

    At any rate the figures are useless because they didn't compare it to a fully patched Windows 7 system or alternative AV programs, why did this even make the homepage?

  15. Bitdefender sells security products by Anonymous Coward · · Score: 5, Insightful

    Bitdefender sells security products. Can we get a number from somebody a little less biased, or perhaps somebody biased against microsoft? How about a consulting firm with a good reputation that prefers Linux, but grudgingly supports MS because they have to? Anyway, Bitdefender has an incentive for you to think Win8 is insecure. How are they defining malware? Stuff that says, "to install, please enter admin password"? If 15% of the "malware" comes with those instructions, it'll infect anything.

  16. Re:In other news by Gaygirlie · · Score: 4, Funny

    The malware will work if you run Wine.

    I actually have tried that. A lot of the malware that runs fine on Windows crashed or just didn't work properly under Wine. Does that mean Wine is broken, or that the devs haven't broken it enough yet? I can't decide!

  17. Re:No platform is 100 percent secure? by Progman3K · · Score: 4, Insightful

    More like Linux still doesn't have the market share to warrant spending significant time developing malware for it.

    Right...

    Linux runs on more computers than Windows worldwide.

    You know, all those servers, phones, appliances and clouds that make up the Internet? Those.

    It may not be on most desktops but it's on everything else and it far outnumbers Windows.

    It's not more secure because it's more obscure, it's more secure because it's better.

    --
    I don't know the meaning of the word 'don't' - J
  18. what you say by hraponssi · · Score: 2

    so what do the numbers mean? that there are a bunch of 0-days out there that they know but haven't bothered to report or fix in the last 6 months? so the stuff silently installs and does naughty things while you surf your daily dose of naked chicks? or if you download the exe, run it as admin and see what happens, then 15% of the time it works?

  19. Re:No platform is 100 percent secure? by Pinhedd · · Score: 3, Insightful

    The overwhelming number of Linux servers worldwide are behind firewalls and will rarely ever attempt to reach out blindly to the internet. There aren't nearly as many attack vectors to exploit. It's far easier to find some bad PHP code to exploit, or an unpatched version of Apache than it is to attack it using traditional methods that might work on a user machine.

  20. Re:No platform is 100 percent secure? by Pinhedd · · Score: 4, Insightful

    The best antivirus is a smart user.

    Most malware on Windows gets dumped into %APPDATA% because it can't go anywhere else without raising a red flag. This makes it fairly easy to nuke. The same works for Linux.
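
A read-only way to triage the location named in the comment above, as an added PowerShell example that is not part of the original thread. The function name and extension list are illustrative choices; legitimate per-user installers also live under these folders, so an unsigned file is a lead to verify, not a verdict.

```powershell
# Added example: list executable content under the per-user profile folders
# that lacks a valid Authenticode signature. Nothing is deleted or changed.

function Get-UnsignedProfileExecutables {
    param(
        # Folders to scan; defaults to the roaming and local AppData roots.
        [string[]]$Root = @($env:APPDATA, $env:LOCALAPPDATA),
        # Extensions treated as executable content (illustrative list).
        [string[]]$Extension = @('.exe', '.dll', '.scr', '.com', '.sys')
    )

    foreach ($r in $Root) {
        if (-not $r -or -not (Test-Path -LiteralPath $r)) { continue }

        Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLower() } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                if ($sig.Status -ne 'Valid') {
                    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Path            = $_.FullName
                        SignatureStatus = $sig.Status
                        Created         = $_.CreationTime
                        Modified        = $_.LastWriteTime
                        SHA256          = $hash.Hash   # empty if the file was locked
                    }
                }
            }
    }
}

# Newest files first: recent drops are the ones worth looking at first.
Get-UnsignedProfileExecutables |
    Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap
```
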

  21. Re:In other news by mrclisdue · · Score: 4, Funny

    I copied bash to my Win8 boxen, ran

    # rm -rf /

    and now Win8 doesn't boot.

    Thanks for the perfect solution.

    cheers,

  22. Re:No platform is 100 percent secure? by Baloroth · · Score: 5, Informative

    More devices run Linux than Windows. How big of a target do you need?

    Ah yes. But which Linux? There is, what, 20+ major distributions and dozens or hundreds of minor ones? Even calling all of them a single OS is almost a stretch, given that some of them have almost nothing in common with each other. That's not one target, it's a few dozen. And it's hacked all the time, just rarely using automated malware tools (because, again, those aren't terribly effective against heavily fragmented targets).

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  23. Re:No platform is 100 percent secure? by shaitand · · Score: 4, Interesting

    "The overwhelming number of Linux servers worldwide are behind firewalls"

    Sure. On the other hand there are no small number of firewalls running Linux.

  24. Re:No platform is 100 percent secure? by cavreader · · Score: 4, Interesting

    "openly developed with the potential for anyone to contribute and for everyone to see"

    I am continually amazed that people think just because they have the source code to an OS they can just scan the code and locate security holes. The low hanging fruit is long gone in today's popular OS's. OS security holes and weaknesses are found by combining and testing multiple executable decision trees with varying environmental factors and then analyzing the captured results which usually includes sorting through binary output, assembler output, and real time memory mapping looking for anomalies. Finding OS level security holes also requires an in-depth knowledge of the various CPU processor instruction sets, memory allocation models, and memory manipulation. Too many developers equate OS development with Application development when in reality they are almost entirely different animals requiring radically differing skill sets.

  25. Re:No platform is 100 percent secure? by Farmer+Tim · · Score: 5, Funny

    That's OK, it's 15% backwards compatible.

    --
    Blank until /. makes another boneheaded UI decision.
  26. Re:Too bad less than 5% of applications work prope by shaitand · · Score: 2

    "The world has moved to iMoble devices which are mostly locked down."

    If you think mobile devices are safely locked down you live in a dream world.

  27. My computer now has the same odds as me by Original+Cynic · · Score: 3, Funny

    Windows 8 now ranks in the same odds as having "Safe Sex" with an HIV positive individual. Thanks Microsoft.

    1. Re:My computer now has the same odds as me by Stewie241 · · Score: 2

      Actually according to http://www.cdc.gov/hiv/law/transmission.htm the riskiest activity is receptive anal sex which has a risk of 50 in 10,000. If you're not catching the risks are significantly lower.

    2. Re:My computer now has the same odds as me by uvajed_ekil · · Score: 2

      Interesting analogy. To be safe, I will continue to refrain from having sex with whores, other dudes (especially the gays), and IV drug users, and I will continue to avoid MS products as much as possible. Here's to Linux and safe, heterosexual sex!*

      * I do not believe or assert that using Linux is anything like having sex, nor do I live in my mom's basement

      --
      This is a hacked account, for which the owner can not be held responsible.
  28. Re:No platform is 100 percent secure? by symbolset · · Score: 3, Funny

    I don't know if you've heard, but Linux/Android PC's are moving 1.5 million units per day, with a half-billion unit installed base. At the current rate of growth Linux PCs will exceed Earth's human population in Q3 2014.

    --
    Help stamp out iliturcy.
  29. Re:No platform is 100 percent secure? by guruevi · · Score: 2

    Typical Microsoft propaganda here.

    You're comparing vulnerabilities found by external forces with totally no insight into the inner workings of an OS to all the vulnerabilities that are found by both external forces and people with intimate knowledge and years of experience in good coding for said system. For a good comparison, you would need to open source Windows and compare the leaks found both internally and externally at Microsoft and I'm not even talking about the methodology of your picking of statistics.

    And you're right, MS doesn't rely on users to find bugs, as a matter of fact, trying to submit a bug and proper insight into the bug database at Microsoft is nearly impossible while Linux has (once again) an open system that everyone can use. This only speaks to the problem that Microsoft is having. As a company/team you can only test against a handful of systems usually in an automated fashion and concentrated on regression/unit tests. Your customers who actually use the software will have plenty of use cases that you can't anticipate.

    I work in a highly specialized environment myself, using Linux/Mac is a no brainer because of the high flexibility in getting the hardware to do what you actually want while with Windows you're practically running into a wall at every turn because of the layers of crud that have assembled over the years.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  30. Re:No platform is 100 percent secure? by symbolset · · Score: 2

    So you're saying that fragmentation is an Android advantage.

    --
    Help stamp out iliturcy.
  31. Re:No platform is 100 percent secure? by snadrus · · Score: 2

    But all that reduces to a tiny set of ways to get code executed, roughly:
    array out-of-bounds writes, pointer confusion, writing somewhere (ram, disk) that's executable

    The solution is peer review. Its enemies: major releases & closed development.

    --
    Science & open-source build trust from peer review. Learn systems you can trust.
  32. Re:New OS by bloodhawk · · Score: 3

    The story is about existing malware not new malware. Win 8 for the majority of software is 100% compatible with win 7, just win 8 includes defender to catch a lot of it out of the box. It is a good move, I just hope they keep going with it and get the out of the box detection rate even higher.

  33. Re:Incompatible by bloodhawk · · Score: 2

    They don't fail to run because of incompatibility, they fail to run because win 8 includes defender by default which detects and blocks them.

  34. I think I can because I have done so by raymorris · · Score: 3, Interesting

    It's amazing that some people insist that we can't do something which we do all the time. Look at the CVEs man, we find and fix weaknesses all the time. If you did look at the CVEs, you'd find my name. That's pretty solid proof that you're mistaken - I can find vulnerabilities because I do find vulnerabilities. When it comes to Windows, I don't know Windows. I haven't used Windows in fifteen years. When people ask me to work on their computer, I turn away all Windows work except "I forgot my password." I can't USE Windows, but I can sure CRACK Windows.

  35. MS trying to implement *nix security model by raymorris · · Score: 5, Interesting

    In the last couple versions of Windows, MS has been trying to implement something like the old (pre SELinux) *nix security model. This after having removed it. Why? Because they had removed the security, for good reason, and the *nix model is a good one. In the old days, there were network operating systems. Many users had terminals to one computer, which protected one user's work from other users' mistakes or malice. It was designed for security and it was Unix. It was also huge and EXPENSIVE. One day a guy wanted an OS to fit on a 512k floppy disk and run with 128k RAM so people could afford computers at home. Single home computers, not corporate networks. To make Disk Operating System fit on a floppy, he removed stuff DOS didn't need, like security. (No network meant few threats.) A GUI was added. Backwards compatibility was maintained with the "no security needed" DOS. Then the internet happened, and Bill crapped his pants. Since then, MS has been trying to design security back in, while maintaining backward compatibility. DOS programs still run on Vista, without running into problems with new security added since Disk Operating System. Linux has always been a network OS, never a disk OS, and has therefore never removed the security model.

    1. Re:MS trying to implement *nix security model by LoneTech · · Score: 2

      Sorry, your description is just historically wrong. What you call DOS isn't at all based on removing the features of Unix; it grew from QDOS, which was a Quick and Dirty imitation of CP/M. It eventually acquired a few Unix type features like directories, I/O redirection and device names. Also, at the time, Unix (far from the first multiuser OS, but quite popular due to its portability) was not particularly concerned with networking; things like UUCP (Unix to Unix CoPy) and Fidonet handled such tasks before the Internet (begun as ARPAnet) spread. The growing security model in Windows comes from an entirely different model of threats; MS indeed feel that the user is the threat, since a large number of them do not know what the computer does. Their solution is MS taking more control over systems that aren't theirs, since they feel even more threatened by users who do know (or want to learn) what they're doing.

  36. Re:No platform is 100 percent secure? by Gordo_1 · · Score: 4, Insightful

    It doesn't take a rocket scientist to figure out which OS will have an order of magnitude more market share than the other in 6-12 months...

  37. Re:No platform is 100 percent secure? by crutchy · · Score: 2

    likewise for the number of viruses infecting it :)

  38. Re:No platform is 100 percent secure? by crutchy · · Score: 4, Funny

    my desktop is full of bomb icons so that it is very risky for a virus to infect it without tripping over one of the bombs and stubbing its toe

  39. Re:No platform is 100 percent secure? by crutchy · · Score: 3, Funny

    only windows is fragmented... that's why they made defrag

  40. Re:No platform is 100 percent secure? by crutchy · · Score: 2

    imagine a virus infecting tvs, set top boxes, pvrs, etc all running a linux kernel... it would be like synapse from the film "antitrust"

  41. Re:No platform is 100 percent secure? by Opportunist · · Score: 2

    Ok, and now for the desktop where the average clueless user is a much easier target than the average corporation admin.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  42. Re:No platform is 100 percent secure? by Opportunist · · Score: 2

    Linux is still used predominantly by clued users and/or administrators who (usually) know what they're doing. The amount of clueless computer users who also have the root password is fairly low. And the average user with a clue doesn't click everything sent to him, the average admin cannot because he can't check his mail on the server (at least if security did their job).

    And hence the market for malware is rather tiny.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  43. Re:No platform is 100 percent secure? by UltraZelda64 · · Score: 2

    What red flag? You mean the "Do you really want to do this? Yes/No" message? You know, the one that everyone is going to look at and say, "well fucking duh, yes I want to do this, or I wouldn't have told you to do it anyway," just like in the old DOS/Win9x days of "Yes/No/Retry/Fail"? Why no, Windows, I actually want the process to fail, and I don't actually want to install that program...

  44. Re:No platform is 100 percent secure? by thegarbz · · Score: 4, Insightful

    It's not more secure because it's more obscure, it's more secure because it's better.

    Yes and no. What versions of Linux are those machines running? What versions of Apache, MySQL, PHP are they running? Very few Linux installs have common attack vectors.

    - The vast majority of common attack vectors on Windows require user interaction. The vast majority of your Linux installs have no users.
    - The next big group of common attack vectors on Windows require popular end user software (Acrobat, flash, IE, etc). The vast majority of Linux installs don't have those.

    There are many documented cases of attacks on Apache, but again there are many different versions of Apache in common use, and MANY of your Linux installs lack Apache anyway.

    Linux benefits greatly from obscurity since there are no extremely popular attack vectors that can be leveraged on an insanely large number of systems, and in those cases where such vectors exist they are often exploited.

  45. wrong way by Tom · · Score: 2

    Uh, isn't the actual news the other way around?

    The most current version of the OS still is vulnerable to 15% of known threats? That's a pretty damning track record if you ask me.
    It means that a billion dollar corporation that put security high on its agenda for several years now still can't create something that is secure against well-known attacks, and can't keep up with patches and let's not even talk about pro-active security.

    True, there is no such thing as 100% security. Even OpenBSD has had its 0-days. But we're not talking about 0-days here, we are talking about known threats that have been out there for months.

    --
    Assorted stuff I do sometimes: Lemuria.org
  46. Incompatible... by Bert64 · · Score: 2

    Windows 8 is not "immune" to 85% of malware any more than Linux is... The malware was simply never written for windows 8 and is subsequently incompatible with it. Once malware is specifically written to target windows 8 the situation will change.
    Windows 7 also suffered very low malware infection rates when it was first released, it just took a little while for new malware to be written and for it to propagate.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  47. Re:No platform is 100 percent secure? by Patch86 · · Score: 2

    That's a bit of a false distinction.

    All bugs are found by *someone* doing *something* (obviously). That something is either running some software, or developing some software. The big difference between the world of Linux/FOSS and Windows/proprietary software is: is the dirty laundry aired in public, or in private?

    In the world of Linux, if a developer (either application or kernel) discovers a bug, it ends up on publicly-accessible mailing lists etc. If a Windows developer finds a bug, the only people who will hear about it are other Microsoft employees. If a Linux user submits a bug report, it goes on a public-facing bug tracker. If a Windows user submits a bug report, it disappears into the corridors of Redmond and will be fixed in an anonymous Windows Update patch (if at all).

    So you can count pretty much every Linux bug and vulnerability accurately, whereas Windows bugs generally don't go public.

  48. Re:No platform is 100 percent secure? by Waccoon · · Score: 3, Interesting

    And typically takes requests for files and serves them. That has to be done fast, but it's not really that hard. Web servers and routers aren't quite up to the same par as a general-purpose desktop machine designed for ordinary people who don't even know the difference between a virus and a trojan.

    Realistically, most security is at the application level these days. You don't need root access to steal people's information. Just look at how much havoc you can cause by hitting a web browser with one clever block of JavaScript.

  49. Re:No platform is 100 percent secure? by benjymouse · · Score: 2

    What red flag?

    Windows has Windows Resource Protection (WRP). Unlike Linux/Unix, even if you run as an administrator (equivalent to root) you *do not* have permission to change operating system files. Only the TrustedInstaller account can change those files. Furthermore, the files are designated system integrity level, raising another barrier. Even if a malicious process succeeds in fooling a user into elevating to high integrity level with administrator privileges, it cannot change those files. WRP also performs integrity checks upon system start. If any files have been tampered with they are restored from an encrypted cache before they are accessed. Is it guaranteed security? No - but it is pretty good protection and it is unlike anything you'll find in Linux/Unix where root access == pwned.

    Windows has Kernel Patch Protection (KPP). KPP encrypts and checksums certain OS tables of the running operating system to prevent tampering by rogue processes which somehow have gained kernel access (e.g. through a vulnerable driver). A rogue kernel process will attempt to patch itself in so that it may intercept disk accesses, network access etc. If KPP detects tampering it will halt the system. Is it guaranteed security? No - but it is unlike anything you'll find in Linux/Unix.

    Windows has a kernel mode signing policy which requires all software (drivers and more) which is to be loaded in kernel space to be digitally signed. If it is not signed it cannot be loaded. If a driver has been tampered with, the signature will be invalid and the kernel will refuse to load it. Ubuntu and Fedora now do have some signing protection, but they are incomplete in comparison, e.g. they only protect executable modules, not configuration files.

    Windows 8 introduced secure boot. The Windows 8 boot loader is signed with a key known to the UEFI BIOS. The boot loader will in turn check the integrity of the OS and configuration (using digital signatures) before it proceeds. This closes the vector where a bootkit takes control of the system and boots the OS in a virtualized environment through which it can patch the OS after boot.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
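
An added example, not part of the comment above or of any Microsoft tooling: a PowerShell audit of three of the protections the comment describes (WRP file ownership, driver signatures, Secure Boot). The function names and the sample file list are assumptions chosen for illustration; the cmdlets are standard.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

function Test-WrpOwnership {
    # WRP-protected files are owned by TrustedInstaller, not Administrators.
    param([string[]]$Path)
    foreach ($p in $Path) {
        $owner = (Get-Acl -LiteralPath $p).Owner
        [pscustomobject]@{
            Path             = $p
            Owner            = $owner
            TrustedInstaller = $owner -eq 'NT SERVICE\TrustedInstaller'
        }
    }
}

function Get-UnverifiedDriver {
    # Lists driver files whose signature does not validate.
    # Older PowerShell versions may report catalog-signed files as NotSigned.
    param([string]$Directory = "$env:SystemRoot\System32\drivers")
    Get-ChildItem -LiteralPath $Directory -Filter *.sys -File |
        ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.FullName } |
        Where-Object { $_.Status -ne 'Valid' } |
        Select-Object Path, Status, StatusMessage
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy-BIOS machines and when not elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        'NotSupported (firmware is not UEFI)'
    } catch [System.UnauthorizedAccessException] {
        'Unknown (run elevated)'
    } catch {
        "Unknown ($($_.Exception.Message))"
    }
}

# Sample paths are an assumption: core binaries present on a default install.
$sample = 'ntoskrnl.exe', 'kernel32.dll', 'winload.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

Test-WrpOwnership -Path $sample | Format-Table -AutoSize
Get-UnverifiedDriver            | Format-Table -AutoSize
"Secure Boot: $(Get-SecureBootState)"
```

A file in the first table whose owner is not TrustedInstaller, or any row in the driver table, is worth investigating before concluding the protections are intact.
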
  50. Re:No platform is 100 percent secure? by benjymouse · · Score: 3, Insightful

    I don't know if you've heard, but Linux/Android PC's are moving 1.5 million units per day, with a half-billion unit installed base.

    Exactly!

    That totally debunks the market share argument since Android has not seen a malware explosion, even with its huge market share.

    Oh wait...

    That's why Google has stated that Android does not need any malware scanner like Windows Defender

    Oh, wait...

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  51. anti-Microsoft headline by tverbeek · · Score: 3, Funny

    Windows 8 Incompatible with 85% of the Most Widely Installed Software

    --
    http://alternatives.rzero.com/
  52. Win 8 sucks by CapOblivious2010 · · Score: 3, Funny

    Unfortunately, Windows 8 also defeats 85% of users who attempt to use it to actually do something useful (as opposed to just oohing and aahing over the pretty tiles)

  53. Re:I know! by Tom · · Score: 2

    I don't get the Windows Eight Hate.

    For my part, it's not hate. It's simply two decades of experience showing that every other Windows release sucks. Since Vista sucked and 7 was halfway decent, 8 is going to suck. Microsoft isn't one to break with long traditions, is it?

    So basically, I don't hate it, I just don't care. My point was about how a specific perspective changes the message.

    --
    Assorted stuff I do sometimes: Lemuria.org